Lucene search

[email protected]NVD:CVE-2001-1514

HistoryDec 31, 2001 - 5:00 a.m.

CVE-2001-1514

2001-12-3105:00:00

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

Confidence

High

EPSS

0.003

Percentile

66.0%

JSON

ColdFusion 4.5 and 5, when running on Windows with the advanced security sandbox type set to “operating system,” does not properly pass security context to (1) child processes created with <CFEXECUTE> and (2) child processes that call the CreateProcess function and are executed with <CFOBJECT> or end with the CFX extension, which allows attackers to execute programs with the permissions of the System account.

Affected configurations

Nvd

Node

macromediacoldfusionMatch4.5

macromediacoldfusionMatch5.0

VendorProductVersionCPE
macromediacoldfusion4.5cpe:2.3:a:macromedia:coldfusion:4.5:*:*:*:*:*:*:*
macromediacoldfusion5.0cpe:2.3:a:macromedia:coldfusion:5.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
macromedia	coldfusion	4.5	cpe:2.3:a:macromedia:coldfusion:4.5:::::::*
macromedia	coldfusion	5.0	cpe:2.3:a:macromedia:coldfusion:5.0:::::::*

References

www.macromedia.com/v1/Handlers/index.cfm?ID=22263

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

Confidence

High

EPSS

0.003

Percentile

66.0%

JSON

Related for NVD:CVE-2001-1514

cve1 cvelist1